Paper 2020/956

Constant Time Montgomery Ladder

Kaushik Nath and Palash Sarkar

Abstract

In this work various approaches for constant time conditional branching in Montgomery ladder have been studied. A previous method appearing in a code for implementing X25519 has been formalized algorithmically. This algorithm is based on a conditional select operation. We consider a variant of this algorithm which groups together operations in a more convenient manner. Further, we provide a new implementation of the conditional select operation using the cmov operation such that cmov works only on registers. This provides a better guarantee of constant time behavior.

Note: Minor changes

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Preprint. MINOR revision.
Keywords
Montgomery ladderDiffie-Hellman protocolconstant time implementationelliptic curve cryptographyCurve25519Curve448
Contact author(s)
kaushikn_r @ isical ac in
palash @ isical ac in
History
2020-12-11: revised
2020-08-11: received
See all versions
Short URL
https://ia.cr/2020/956
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2020/956,
      author = {Kaushik Nath and Palash Sarkar},
      title = {Constant Time Montgomery Ladder},
      howpublished = {Cryptology {ePrint} Archive, Paper 2020/956},
      year = {2020},
      url = {https://eprint.iacr.org/2020/956}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.